Add V2 Importer for Tuxcare advisories

[Samk1710]

Addresses Issue:

• Import data from Tuxcare #2004

Data Source: https://cve.tuxcare.com/els/download-json?orderBy=updated-desc

Importer Log Excerpt:

Importing data using tuxcare_importer_v2
INFO 2026-01-26 19:49:29.721368 UTC Pipeline [TuxCareImporterPipeline] starting
INFO 2026-01-26 19:49:29.721706 UTC Step [fetch] starting
INFO 2026-01-26 19:49:29.721766 UTC Fetching `https://cve.tuxcare.com/els/download-json?orderBy=updated-desc`
INFO 2026-01-26 19:51:10.961749 UTC Grouped 66,363 records into 9,649 unique CVEs (skipped 11,023: 0 invalid, 11,023 non-affected)
INFO 2026-01-26 19:51:10.963427 UTC Step [fetch] completed in 101 seconds (1.7 minutes)
INFO 2026-01-26 19:51:10.963586 UTC Step [collect_and_store_advisories] starting
INFO 2026-01-26 19:51:10.963635 UTC Collecting 9,649 advisories
INFO 2026-01-26 19:51:19.935667 UTC Progress: 10% (965/9649) ETA: 81 seconds (1.4 minutes)
INFO 2026-01-26 19:51:27.608222 UTC Progress: 20% (1930/9649) ETA: 67 seconds (1.1 minutes)
INFO 2026-01-26 19:51:36.572045 UTC Progress: 30% (2895/9649) ETA: 60 seconds
INFO 2026-01-26 19:51:45.463802 UTC Progress: 40% (3860/9649) ETA: 52 seconds
INFO 2026-01-26 19:51:54.916604 UTC Progress: 50% (4825/9649) ETA: 44 seconds
INFO 2026-01-26 19:52:02.836165 UTC Progress: 60% (5790/9649) ETA: 35 seconds
INFO 2026-01-26 19:52:11.500848 UTC Progress: 70% (6755/9649) ETA: 26 seconds
INFO 2026-01-26 19:52:20.017145 UTC Progress: 80% (7720/9649) ETA: 17 seconds
INFO 2026-01-26 19:52:28.159588 UTC Progress: 90% (8685/9649) ETA: 9 seconds
INFO 2026-01-26 19:52:35.721813 UTC Progress: 100% (9649/9649)
INFO 2026-01-26 19:52:35.729484 UTC Successfully collected 9,649 advisories
INFO 2026-01-26 19:52:35.729635 UTC Step [collect_and_store_advisories] completed in 85 seconds (1.4 minutes)
INFO 2026-01-26 19:52:35.729686 UTC Pipeline completed in 186 seconds (3.1 minutes)

[ziadhany]

@Samk1710 Thanks , see feedback and suggestions below

[Samk1710]

@ziadhany Thanks for your review.
I have updated the code as per your suggestion and feedback. Requesting a re-review. Thanks again!

[ziadhany]

@Samk1710, could you please also fix the CI ?

[Samk1710]

Hey @ziadhany
I have updated the implementation as per your review and suggestion of os_name qualifier. Do let me know if it aligns with what you had in mind. Thanks !

[Samk1710]

Hey @ziadhany
I have refactored the purl as per your suggestion and pushed. Thanks for the guidance :)

[Samk1710]

@Samk1710, could you please also fix the CI ?

Hey @ziadhany could you kindly run the checks. I have fixed the import ordering. Thanks.

[ziadhany]

@Samk1710 , The code looks good. I think we just need some refinement of the package URL and the affected and fixed versions.

[Samk1710]

Hey @ziadhany

I have rectified the PURL. Also added more data to test each OS type with their respective PURLs.
After some digging in I also found the documentation for statuses and also implemented them.
Please see #2104 (comment)

Kindly review the changes when you have time. Thanks.

[Samk1710]

Hey @ziadhany
As per discussions in the weekly meet, I have implemented the Impact Packages and also mapped the version range.
Kindly take a look at them and let me know if anything has to be improved. Please review when time. Thanks.

[ziadhany]

The code looks good, just a few nits.

[ziadhany]

What is the use of the severity_added variable? Why aren’t severity and score enough to add severity if it exists?

[Samk1710]

Each CVE has only one severity score shared across all packages/distributions for that CVE, so we only want to add the severity once per advisory.
See: https://cve.tuxcare.com/els/cve?cve=CVE-2023-52922&os=&project=&version=&status=&after=&before=&orderBy=updated-desc

I have added a minor refactor and used if severity and score and not severities instead of the boolean.

[Samk1710]

The code looks good, just a few nits.

Thanks @ziadhany
I’ve addressed the review comments and pushed the latest changes.
Please let me know if anything else needs adjustment.